Open sgiehl opened 1 year ago
The currently limited user permissions could in some cases be a security issue - like when using API to export data to an endpoint, and if someone just changes the parameters, data that never should be exposed outside of Europe (as an example - like GDPR restrictions), could be exposed. To solve this we have in some cases needed to write our endpoint, to restrict the data transferred.
(A user emailed us: "This looks very good. The following requirements are missing"...)
We don't want to grant many admin rights, it would make sense if users with the "write" role could do these things.
A user asked for this feature.
Is there any way to limit... segment settings so only admins can create?
Summary
Matomo currently only serves these type of user access: super user, admin, write, view and anonymous. In addition, there are some capabilities to restrict access to certain tag manager features.
Especially the roles super user and admin are quite broad, and it's not possible to restrict them further.
As we already had a lot different requests related to this topic, I'll try to summarise those requests here and append the list of related issues, so we don't forget them when implementing a new permission system.
Requirements
Possibility to set fine-graded permissions:
Possibility to create user groups/roles for easier permission management
Before implementing this, the whole permission system needs to be defined in detail, as it can easily become quite complex when e.g. combining access levels per site with anything else. Someone could e.g. be allowed to view a report on one site, but not on another and stuff like this. To make that configurable easily in the UI, we need to discuss a proper UI/UX approach as well.
Related issues that should be possible to solve with a new permission system
3389
5703
6585
6660
6844
8697
10233
11149
13139
14570
15368
16099
18681
19074
19424
19894
20135
20487
20716
21651
22122
22635
replaces #1568